Receiving a private key from server admin: ok or not?

authentication private-key ssh-keys

It is exactly as you say: The whole concept of public key authentication is that the private key should only be known to the owner, while the corresponding public key can be widely disseminated. The security of your authentication depends on the security of the private key, not of the security of the public key.

The fact that somebody else provides you with a private key automatically makes it compromised. (You don't know if that other admin still has a copy which can be used to impersonate you.)


For that key, the organization don't have non-repudiation. IE, if someone does something abusive or destructive to that system using 'your' key, the admin can't point the blame at you for being solely responsible for it. Since the person that gave it to you also had the key. It probably isn't that bad for you, since it gives you a defense, but horrible for the organization controlling the server, if something bad ever happens.

You might be able to use the write privileges you have from the provided keys, to update your authorized keys, and add your key, and remove the provided key.

Related

When would ssh -t not be appropriate instead of ssh?
Best way to get the MAC of eth0?
why do nginx process run with user nobody
nginx add header conditional on an upstream_http_ variable
Using environment variables in Kubernetes deployment spec
What is the best filesystem for insert performance on PostgreSQL?
Monitor number of bytes transferred to/from IP address on port
On Linux, how can I tell how many ephemeral ports are left available?
Best MySQL cache settings for 8gb RAM dedicated MySQL server using only InnoDB (5gb database)
Installing SSL on a Windows Server 2012 with IIS 8.0
Completely reset PostgreSQL to default?
How can I prepend to PATH while running Ansible's pip module?